Skip to content

Commit

Permalink
Fix x509_check_host return value
Browse files Browse the repository at this point in the history 
The [x509_check_host docs](https://www.openssl.org/docs/man1.1.1/man3/X509_check_host.html)
state:
> The functions return 1 for a successful match, 0 for a failed match
and -1 for an internal error: typically a memory allocation failure or
an ASN.1 decoding error.
All functions can also return -2 if the input is malformed. For example,
X509_check_host() returns -2 if the provided name contains embedded
NULs.

The current implementation will return `true` for 1, -1, and -2,
therefore returning an incorrect value if any of the above error cases
are hit.
  • Loading branch information
@evanrittenhouse @rushilmehra
evanrittenhouse authored and rushilmehra committed Jul 31, 2024
1 parent 04abc99 commit 07bfd55
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion boring/src/x509/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -601,7 +601,7 @@ impl X509Ref {
0,
std::ptr::null_mut(),
))
.map(|n| n != 0)
.map(|n| n == 1)
}
}

Expand Down

0 comments on commit 07bfd55

Please sign in to comment.